Allowing OSPF through PIX, for dynamic Internet backup

I am trying to set up an external router to advertise a default route with OSPF through a PIX to an inside router using 'default-information originate' (not always). This way the internal router will switch to a floating default static route pointing to another PIX connected to a DSL router for backup if the primary router's default route goes down.

Using static (inside,outside) and static (outside,inside) [PIX 6.2], I am able to get each router to think it is on the same L2 segment as the other. Then, by changing the OSPF network type to non-broadcast and setting neighbor statements, I get the two routers to form an adjacency (shows FULL); however, no routing information is being populated into either routing table. I have loopbacks with /32s defined on both routers and participating in OSPF, just so I could see if any network information was being passed. I can see the advertised networks of the other router in a 'show ip ospf database', but not in the routing table. I have an access-list on the PIX permitting OSPF traffic (ip protocol 89) between the routers, and it seems that hellos and LSAs are getting through.

Any ideas? It seems very close...

You cannot do it that way. Configure a GRE tunnel between the 2 OSPF routers through the PIX. If you want added security, you may also IPSec the GRE tunnel.

Following is a sample config



